Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of Allow HCP metrics collection for Envoy proxies into release/1.15.x #16611

Merged
merged 1 commit into from
Mar 10, 2023
Merged

Backport of Allow HCP metrics collection for Envoy proxies into release/1.15.x #16611

merged 1 commit into from
Mar 10, 2023

Conversation

freddygv
Copy link
Contributor

Replaces #16609 since it did not pull the entire change set from #16511

@Achooo @freddygv
Allow HCP metrics collection for Envoy proxies
c6c2133 
Co-authored-by: Ashvitha Sridharan <ashvitha.sridharan@hashicorp.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>

Add a new envoy flag: "envoy_hcp_metrics_bind_socket_dir", a directory
where a unix socket will be created with the name
`<namespace>_<proxy_id>.sock` to forward Envoy metrics.

If set, this will configure:
- In bootstrap configuration a local stats_sink and static cluster.
  These will forward metrics to a loopback listener sent over xDS.

- A dynamic listener listening at the socket path that the previously
  defined static cluster is sending metrics to.

- A dynamic cluster that will forward traffic received at this listener
  to the hcp-metrics-collector service.

Reasons for having a static cluster pointing at a dynamic listener:
- We want to secure the metrics stream using TLS, but the stats sink can
  only be defined in bootstrap config. With dynamic listeners/clusters
  we can use the proxy's leaf certificate issued by the Connect CA,
  which isn't available at bootstrap time.

- We want to intelligently route to the HCP collector. Configuring its
  addreess at bootstrap time limits our flexibility routing-wise. More
  on this below.

Reasons for defining the collector as an upstream in `proxycfg`:
- The HCP collector will be deployed as a mesh service.

- Certificate management is taken care of, as mentioned above.

- Service discovery and routing logic is automatically taken care of,
  meaning that no code changes are required in the xds package.

- Custom routing rules can be added for the collector using discovery
  chain config entries. Initially the collector is expected to be
  deployed to each admin partition, but in the future could be deployed
  centrally in the default partition. These config entries could even be
  managed by HCP itself.
@freddygv freddygv requested a review from a team as a code owner March 10, 2023 21:33
@github-actions github-actions bot added theme/api Relating to the HTTP API interface theme/cli Flags and documentation for the CLI interface theme/envoy/xds Related to Envoy support type/docs Documentation needs to be created/updated/clarified labels Mar 10, 2023
@freddygv freddygv added pr/no-changelog PR does not need a corresponding .changelog entry pr/no-backport labels Mar 10, 2023
@freddygv freddygv mentioned this pull request Mar 10, 2023
Closed
3 tasks
nathancoleman
nathancoleman approved these changes Mar 10, 2023
View reviewed changes
Copy link
Member

@nathancoleman nathancoleman left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Difference in diff size is insignificant, due to import changes that are not applicable to this base branch

@freddygv freddygv enabled auto-merge (squash) March 10, 2023 21:47
@freddygv freddygv merged commit 02f8ed4 into release/1.15.x Mar 10, 2023
@freddygv freddygv deleted the backport-1.15.x/pr-16511 branch March 10, 2023 21:50
@jjti jjti mentioned this pull request Aug 28, 2023
Closed
@dlaguerta dlaguerta mentioned this pull request Dec 1, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hashi-derek hashi-derek hashi-derek approved these changes

@nathancoleman nathancoleman nathancoleman approved these changes

Assignees
No one assigned
Labels
pr/no-backport pr/no-changelog PR does not need a corresponding .changelog entry theme/api Relating to the HTTP API interface theme/cli Flags and documentation for the CLI interface theme/envoy/xds Related to Envoy support type/docs Documentation needs to be created/updated/clarified
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@freddygv @nathancoleman @hashi-derek @Achooo